Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes I'm part owner of a relatively small video editing software company. We're not yet profitable, and our stuff turned up on thePirateBay recently. Some of our potential paying customers are using it without paying, and some non-potential customers are using it without paying. Our copy protection isn't that tough to crack, and I'd rather see the developers working on the product than the DRM (I'm convinced any sufficiently desirable digital widget will get copied without authorization). Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000? I feel like that would reduce the incentive to crack the paid version, and legit businesses (In the US anyway but we're trying to sell everywhere) would generally pay and maybe we could identify some of the people using it to make money without paying us (and then sue the one with the biggest pockets). What would you do?"

How will you feel when your product is flagged by Anti-Virus companies as malicious, and what will the impact be to your reputation?

Why would it be flagged for malicious? A lot of software reports back, that's how you're notified of new updates. Doesn't your firewall tell you when your software attempts to connect to the company's server?

A lot of software does report back, but to quote op "that does some spying and reporting on you." That doesn't sound like its going to be a legitimate implementation of some minor reporting back to the parent company. Especially given his goal of then filing a lawsuit against the violators with "big pockets". Of course firewalls should be able to identify outbound connections, but the point isn't that the implementation is weak. The point is that its a bad idea from the start.

I have another question to the anonymous devloper: Have you considered NOT being an asshole about it?

Yes, your software turned up on TPB. So has software from Microsoft, and from Adobe, and from Bethesda, and from... well pretty much every software company on the fucking planet. So your first job is to get over yourself and realize that all that has to happen is for someone to crack or strip out your copy protection once, and that's that, the DRM is meaningless and a wasted cost to you.

Now, have you considered building up brand loyalty instead? Reward your paying customers with support, treat them well, maybe give them access to beta or updates if they want. Focus on making your software the best you can, and making your customers feel like their investment in your software is worth it.

Now let's look at your NEXT proposal: Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000? I feel like that would reduce the incentive to crack the paid version - Yes, it would be insane. Anyone who doesn't want to be spied on is going to block the damn thing via firewall, or they'll crack the unpaid version and route all its traffic to 127.0.0.1 or dev/null.

Or this: Some of our potential paying customers are using it without paying - face it, if they're not paying now, you are either charging too much or they'll be just as happy with freely available alternatives that either cost less or are completely free-to-them.

, and some non-potential customers are using it without paying. - If they're not a potential customer, why do you give a rat's ass? Again, they'll just go to some other source or use some other free (to them, whether actually free or not) program.

Chances are, 90% of the software's functions that these people are using are duplicated already by Virtualdub (Free/Opensource) and Windows Live Movie Maker (Not open source but free to anyone with Windows). If you want to make sales, try not being an asshole, price your program appropriately, and treat your customers as customers with whom you want to build loyalty.

Oh, and by the way: a legit copy of Adobe Premiere Elements 10, which probably does everything your software does and then some, is available for somewhere between $70 and $130 online right now. $10,000 for your suite? No fucking way it's even close to that cost.

I'd say you should have two versions of the software, like many high end developers do. One should be the "professional" full blown thing, and with the purchase price would come support, patches, and updates for a specified period, or indefinitely with maintenance. The other should be a stripped down "home" version which is either free or cheap. Don't put spyware in your software, it just sucks and makes people hate you.

I'd add another one here: Don't DRM, join the BSA, and if you have evidence that one of your potential customers is pirating your software, send the BSA to audit them. (fake an employee leak if you have to.) Odds are if they're pirating your software they're pirating someone else's and as terrible as it sounds, they'd be getting what they deserve.

While I have fewer problems with pirating at a personal level, pirating for-profit tools deserves no pity, especially if they're not hurting for cash.

This will be the least popular (in/. terms) answer to your question; but, it's actually the best one for your business as it avoids adding DRM (or a dongle) to your software but gives you a lever to enforce compliance.

Step 1: Join the BSA.
Step 2: When you detect illegal use of your software, report those firms to the BSA so that the BSA can perform an audit.

I would recommend that you ignore individual users who wouldn't normally be your customers; as, the BSA isn't going to audit them and for those users you are probably not financially out of pocket. That said, if you find that there are lots of individual rogue users, maybe that is indicating demand for a "lite" version of your application that costs 1/10th the full version and is accessible to non-commercial individuals.

EXACTLY this. I'll probably get stoned for this, but the one Software I *rally* like license-wise is the Oracle Database.

Download everything you like, use everything you like for prototyping and self education, no DRM at all, but God help you legal-wise if you are found to use it in production unlicensed somewhere. Either you will get sued into oblivion, or you will get hung out to dry if there is some problem someday and you can't get support when your business data is in jeopardy.

The *legal* copy protection is the only model out there where the customer has less problems than the pirate. With any *technical* DRM the customer has more problems than the pirate.

It must be nice on your planet. I mean, not having to make a profit and having fair minded customers.

Here on Earth, people will steal whatever they can get their hands on if they think they need it and it's relatively easy to do without consequence. Granted, some vendors are unusually proud of their software and a charge of $10,000 for it may be far more in value than anyone gets out of the software. These folks need to re-evaluate their price point. This is tricky, however. If your market size is small, sa

Have you ever done any video editing? You do realize that video editing is resource intensive? If you tried to run the software from a remote server it would be an absolute performance nightmare. You'd be famous for creating the slowest video editing software known to man.

I agree, however, that remote execution is the only way to prevent your software from getting cracked. Essentially the program never leaves the company servers. Crackers can't crack what they don't have. Another "solution" is to release software that is so bad or that does something so useless that no one will bother to crack it. Or there is always security through obscurity. Don't tell anyone about the software. Keep it a secret. If people don't know about the existence of the software they can't crack it.

If your market size is small, say 3000 users total, you may have to charge that much to pay development staff a decent wage and keep the lights on.

If your market size is that small, finding out if they're using your software without paying is pretty damn easy without having to resort to spyware and nonsense.

That's just the economics of software. Niche market software is always more expensive and has to be. Ultimately, customers should be able to decide if your software is worth that much. If they can get it

People, somewhat, businesses, generally no. The question of whether to spend $10k on a license or to defend a possible lawsuit in the future with lawyer fees, damages, and the license they should have bought in the first place isn't even a question for most businesses. All it takes is one (ex-)employee with a grudge. Sure, there are exceptions -- companies run by idiots who are penny wise and pound foolish -- but they tend not to last very long anyway.

And $10k isn't an outrageous price for commercially used software at all. Our software is very uncomplicated and starts at about $3k, and we sell tens to hundreds of programs to individual companies. Why? Because it costs a lot more than that for someone to hire a competent developer with the technical knowledge necessary to write the software themselves. Even if they hire a developer on contract, they need someone to support it, and support can get expensive when you're not pooling your resources with other clients and getting "free" updates and bug fixes (built in to the cost of the software, really).

What the original poster *should* do is accept that the people who aren't paying for the software are almost certainly people who never would or could, but that these people are still providing a service, because they'll eventually take their knowledge and (if it's worth pirating over, say, Sony Vegas or Adobe Whatever) love of your software to their job where they will extol its virtues, and where sales will potentially be made. The question would actually be much more difficult to answer if he were writing consumer oriented software, but he's not, so the answer is simple: ignore the piracy unless and until it's brought to his attention that a business is using it without a license, and then decide how to handle that separately. Running video editing software in a browser is particularly stupid given the bandwidth requirements, unless you're suggesting that the processing be done locally, which is also stupid because then you're creating unnecessary overhead versus a native app AND it can still be copied. There's nothing magical about running code locally just because it's running inside of a browser.

You're the ones who are lost in space. As has been repeated many, many times: copying is not stealing. Maybe it's illegal, but if so, it's a different crime, just like vandalism is a different crime. As long as so many of you have difficulty with this basic fact, we can't move on. You refuse to see copying in any other light.

Copying is good! We all benefit from easy copying. But some of you have bought into the dream that you might create something of value yourself, and think you need copyright to protect your valuable work from exploitation. You're so afraid you might miss out on some profit you deserve, you'd strangle all creativity and ignore huge, huge savings just to prevent that possibility. Many also significantly overvalue their work, and feel that those who disagree with their valuation are just robbers, trying to lowball them. You think no one would pay if they didn't have to, that strong protections, harsh laws, and force is the only way to make it work, and that force can make it work. Yet no force can make it work. The current copyright system functions somewhat because there are lots of people who could pirate but choose not to. In other words, they didn't have to pay, but they did. They were not forced. There is another way, and it's called patronage. But you can't believe patronage could work. You believe in copyright, despite the many ways in which it is broken, but you won't give patronage a chance. You think if only we got serious and really clamped down on piracy with even harsher laws, more invasive surveillance, and harder locks, we could make copyright work. Except that can't be done. Even if all that could be put in place, it still would not stop piracy. The cloud is not a silver bullet that can fix all these problems either. There isn't anything that can. We'll all have to continue suffering with this costly, dysfunctional system.

Here on Earth, we obey the laws of nature. You cannot reasonably regulate copying. Copy protection simply does not work. Only has to be cracked once, and protection is always cracked. Software producers have been trying copy protection schemes for more than 30 years, and not one has remained uncracked, not even for long enough to wring all the value out of initial sales.

I am somewhat curious what this ten thousand dollar per seat software does that an open source software can't do. Probably nothing. Ten thousand dollars. Crap, I could use ten thousand dollars to put a computer into as many as fifty classrooms in a third world country. Ten thousand, for just one license. That is ridiculously over priced. Sounds to me like the submitter has wasted his life developing something that no one in his right mind would pay for.

Chances are, the "non-paying" customers who are "not potential customers" are people who are using the software to do something like clip videos of their 3 year old crawling around to send to the grandparents.

A dozen free or cheap alternatives, but they were told by a "tech-savvy buddy" that "this software is really kewl."

Note his example pricing - $10,000 a copy. Want to wonder why the potential pool of "non-paying customers" is so high, that's probably the reason. Same way that for the longest time, before their prices came down to something approximating reality, Adobe just kind of looked the other way when kids at home would get copies of Premiere or Photoshop; Adobe assumed that when/if the kids ever got into jobs where they would be doing that sort of work, they'd get the business to buy the software and convert into paying customers, and it was better (for Adobe) for the kids to be used to using pirated Adobe branded stuff rather than, say, GIMP or Paint.net and realizing that Adobe didn't need to be part of the equation.

In my defense, I'm not saying the world is doomed because his software is TPB. My point was more to the effect that these companies can take that kind of loss, a small company has a much harder time loosing sales then megacorp.

The real question is this: Are you really charging the right price if someone is going elsewhere for your software (like TPB). It's part of the reason why most companies do either a "per person" or "per CPU" or etc type pricing model to make it far more affordable for small companies (plus vendor lock in) and profitable on much larger companies.

Keep in mind, pirating is always going to happen, even with fair prices, so back to my original post on helping slow that down even.

I'd like to add:
4) Along with spying, enable ability to send pop-up to individual users if you notice non-paying business usage, and give them a way to contact you to negotiate. Maybe it's not worth $10,000 to them, but it's probably worth *something*. Maybe $1,000? Maybe $100 a month? Anything would be better than stealing and getting nothing from them.

I have downloaded software in the past and many times I didn't think it was worth full asking price but really wished I could give them some money for it. Unfortunately there's no way to do that right now, it's full price or nothing, and it's even worse when the item is no longer sold because you can't even pay full price for it, you're forced to download

I think every software company should have a "pay us something if you downloaded our software" option on their website somewhere.

I have downloaded software in the past and many times I didn't think it was worth full asking price but really wished I could give them some money for it. Unfortunately there's no way to do that right now, it's full price or nothing, and it's even worse when the item is no longer sold because you can't even pay full price for it, you're forced to download

Have you tried? I've purchased several application from small-business vendors at a discount simply by sending an email saying "I like your product, but it's value to me is $X instead of your price at $Y. Would you be willing to sell me a copy at $X?" You'd be surprised, it works. I think some companies recognize that a sale made at a discount is better than a sale lost entirely.

If you can make $10,000 by selling one copy at $10,000, but you could make $20,000 by selling 100 copies at $200 each (and enough customers exist that WOULD pay that but will never fucking pay $10,000), and your current price is $10,000, most people would say you're overpriced...

Of course, there would also be the option to sell the software with "Online User Community Support" for $100, and with "Work hour e-mail support" for $1000 and with "premium 24/365 phone support" for $10,000.

If the act of copying the software one more time is cheap, but support expensive, then charge for what really is expensive.

You can also embed watermarks into each sold copy of the program, different for each customer, and use that to figure out who's uploading their copy to TPB. For a small company and $10k per copy, it might be worth it to sue the customer who let the cat out of the bag.

I don't think he's interested in stopping the piracy by forcing hardline anti-piracy methods. For one, it is made clear that non-customers are using the product, and if they are, it's like free advertising. I could imagine a full-fledged professional version requiring a dongle, though.

There are a number of business models that avoid piracy, like student edition software, low monthly subscription, or using a stripped down "free" versions.

Dongles are not 'hardline anti-piracy methods'; Avid use dongles and their software is still available on pirate sites. Dongles are a way to keep honest customers honest, because they can't accidentally install the software on ten PCs when they only bought five copies.

They're mildly annoying to legitimate buyers, but far less annoying than crappy 'activation' schemes that deactivate at random and lock you out of the software you've paid for.

So just write the software so that it operates in "free user" mode until it finds a dongle. That would get him out of the business of maintaining two versions of the software and destroy most of the desire to crack the software. Besides which, if the dongle calls are interspersed across multiple libraries, it'll be too much of a pain in the butt to remove them all every time he updates the software.

For extra points, build in the ability to remote disable the code based upon particular dongle numbers, have the software phone home with its particular dongle id, and when you see a remotely multiplying dongle spread across the world, just disable that dongle number and reissue a replacement to the legitimate owner.

If you're going to run a software business you need to run it like a business. This isn't hardcore antipiracy. He's just making it easy for casual pirates to play with the software without broaching the reason why people will pay $10k for it.

Yeah, as far as I know, iLok 2 [ilok.com] hasn't been cracked yet. I have only heard of it being used for music software but I can't think of a reason why it couldn't be used for other varieties. No idea how much it costs though.

Can I suggest a counter argument though? It was piracy and ease of acquisition that made things Windows and Photoshop popular.

My guess is that's security through obscurity at work. That key hasn't been cracked because there hasn't been enough reason for anybody to bother cracking it. It's possible that $10k/copy software locked behind it would get people interested enough.

The problem is that you're running up against the software version of the analog hole. Before you feed it into the processor pipe, your application has to be in the standard machine code format that your processor is going to understand. You can dedicate some small portion of your codebase to refusing to work under certain circumstances, and you can make the binary inaccessible until right before it gets executed, but if the entire working application is on a cracker's computer, he's pretty well guaranteed a way to beat it. That leaves always-on style DRM schemes that constantly phone home to continue working, but if I buy $10,000 a seat software and I can't use it because one of your servers goes down, you can be pretty sure I'm not going to be very happy with you.

You also have to remember that hard to break DRM isn't a deterrent to your average pirate unless it is so hard that nobody does it. So what if it takes Sven The Reverse Engineering Scandinavian 30 hours of Monster and amphetamine-fueled thrashing about to circumvent your USB key DRM scheme? That will just make him even more of a hero when he posts the cracked copy of your software to The Pirate Bay for everybody to install. And at that point, the pirated version of your software is now easier to use as a consumer than the commercially released version; you are trying to sell an inferior product.

No better than DRM. As far as I know, it all comes down to one of two types of setups:

"Is this authorized? Then do stuff" However the sophisticated the rest of the setup, all a cracker needs to do is identify this if conditional and patch it. In this type of system, the rest is just obfuscation of where that clause is, and how it works.

"Decrypt necessary code or data, then execute." At some point, the encrypted material will be in the clear, at which point it can be snagged. Binary gets patched to use the snagged, unencrypted form rather than need to use the encrypted form.

Now, I'm not an expert; I just develop software. I haven't tried to crack others' protection.

I have seen setups where the dongle contains a processor and code (quite a library actually) - the software then calls this dongle to perform certain critical calculations. Quite hard to hack if the algorithm is unknown...

But crackers are able to figure out unknown algorithms when they create key generators. Why would this be any different? In one case a unique key of some kind is created by a CPU attached to your USB port. In another it is created by a secret software program that only the developer or publisher has. Either way the cracker is left guessing what the algorithm is. Anyway, all of this ignores the possibility that the cracker could just remove the dongle checks entirely from the binary.

And most of those 35k checks are going to use the same idiom, right? Or did figure out how to make each one sufficiently unique that scanning the assembler code for a fingerprint wouldn't find it.

Did you call a function which performs the check? Patch the function. Did the compiler inline it? Find a few copies of the check, find the common sequence of instructions (or, if you're really clever, the semantic behavior of the instructions, so you don't get twigged by compiler optimizations), and scan the code f

The point is, nothing is 100%. The game is to make it sufficiently difficult that the number of people who have the skill and time and interest to crack the protection is small (for a suitable definition of small). Then people will have the choice of either a) lots of effort to steal code which will become obsolete or b) pay for it.

Did you see me arguing that anything was 100%?

Could anyone do it? No way

It only takes the one, who turns around and uploads it.

Is it something that one does in an afternoon? Certainly not. The level of effort to crack this sort of scheme is actually quite high

Sure. But most people I know who've ever done this kind of thing do it for personal entertainment and challenge.

at the end of the day you end up with one version of the product which one will have no support options for, and which will rapidly become obsolete.

Yup. I've taken support calls from people whose serial number matched that of a cracked version of one of our products which floats around being sold by a scam artist. You know what we do? We solve their problem, and then offer to sell them a legit copy at a discount. Having just gotten out of a time-sensitive jam, they're always quite happy to get things straightened out properly. I'd much rather distribute the software for free, and then go the support route. That'd clear off that scam artist, too.

That's an interesting idea, but what if one of your customers copies that code from the dongle and uploads it to the intertubes where cracker groups can just insert it back where it belongs. It might also slow down the program. For a word processor that might not be noticeable, but for something like video editing it probably would slow it down noticeably. Then you'd have the usual situation of even paying customers feeling pressure to download the noticeably faster version from TPB.

I was crunching on an all-nighter once, just putting the finishing touches to a product prior to it's version 2.0 release. Whilst building the installer, I thought I'd browse the web to see if the first version had been cracked yet. Rather interestingly, I came across a download link for version 2.0 of the software, as well as a number of torrents for it. Most of those were only available if you bought some premium rate download service membership or some crap like that. I think that a small fee for a downl

You only need one customer cracking the software, dumping the decrypted form to disk, and uploading to the Pirate Bay. Now you have a massively complicated and expensive DRM system that only punishes people who actually paid for your product.

I use Autodesk software. I note that it does not use a dongle. I see other software does use a dongle, and see that there are issues with OS updates. I am not sure how widespread the problem is but my preference as a consumer is not to be inconvenienced by the software I pay for.

A model I can live with is one in which a big watermark is placed over all print, and a pop up is presented occasionally to make the user aware that the copy is not licensed and how to get a license.

Years ago, before the internet was used for verification, I used software in which each copy appeared to be personalized. The company details could not be changed by the end user. Therefore the software could be loaded onto any machine, but it was not practical for another firm to use the software because all prints and interactions wold list the original firms information.

Just some ideas that might not cause the user to hate the software while still providing some incentive to pay for a product that presumable generates profit for a firm.

I use autodesk software. It does not use a dongle, but it does have a rather draconian license server. Once upon a time, they had learning editions with watermarks, and now they just have 30 day trials. Trust me, a dongle is far less hassle than autodesk's license server & license keys.... especially if you need to get a range of their software served from the same machine.

I agree. At $OLD_DAYJOB, we sold software for about the same price per perpetual floating license. Early versions of our software used password protection which was easily circumvented, then a software key based system (quickly cracked) and you could find those versions of our software all over TPB. After a major overhaul to the software, we incorporated WIBU key dongles and peppered our code with various kinds of dongle interactions. There were literally thousands of license checks. There was also encrypted data stored in the key itself that instructed the program how to run. In three years of working there, I never ran across a single instance of our new software being successfully cracked. We were very happy with this, especially considering we sold the full version (at huge discount) to students, and had several commercial and academic customers in China.

The only problems I ever had with piracy of our software included a guy who had the old version who came onto our forums asking for help, apparently not realizing we knew who every one of our customers were. We also had some students at a Canadian university install pirated software on lab computers. The installations phoned home to say "I've been installed!" (there was nothing nefarious, it was designed to do this as part of the registration process) and we noticed that the school wasn't licensed for that version. Their IT department was very helpful in tracking down those responsible.

We said very clearly in the installer that when installation was complete, the user would be taken to a registration page. Registration included name, organization, address, email, and software serial number. Upon successful registration, you were sent your unlock key (based on the serial number).

The registration page was hosted on our own web servers, so we knew when software was installed (and the IP of the machine it was on) based on when a registration page was loaded. No other data was transmitted,

How about moving the code to save your work to the dongle? Encrypted, of course. People will be able to toy around, but to actually do something useful they'd need the dongle. You could even give away the software for free and sell the dongle. It will work as long as the encryption doesn't get cracked.

The encryption won't get cracked, that'd be quite silly methinks. Whatever key is used on the application side will get replaced with a different one, and then you can encrypt whatever you want and send it to the application. Then you use a filter driver that pretends to be the USB device, and that's it. Of course the saving code would need to be captured, but all you need for that is one working system: capture it from the memory (say a VM snapshot), roll into the hack, end of story. The only thing is: how

You don't lose your work or your backups, you just won't be able to save new work. And I'm sure that for 10k, the company will gladly send you a replacement if you lose or break it and you can prove you own the software.

There are simple dongles that do nothing more than identify themselves and the software checks for the presences. Those are easy to get around.

There are others that decrypt for an incredibly short period of time blocks of code in the program itself. Immediately upon exiting from that block of code it is re-encrypted. All of the encryption and decryption is done by code running in a processor on the dongle itself. If you don't start with a copy of the program with a dongle it is pretty much hopeless. As

Well provide the paid version like you do now, and provide a stripped down version that has some really neat features that the pirates who would really want your software would use. There's no form of DRM that will stop anyone from taking it, none. Auth servers? Crackable. Dongles, about 8mins with a soldiering iron. Token keys, same deal, just longer. Rings, yep. And every bit of DRM that you use, will more than likely piss off your paying customer when it breaks the software.

Unique serials do work, especially if they're uniquely identified to who you're selling it to. Then you can at least go after them for copy infringement.

Doing some of the processing server-side might work for some applications but not for video editing because of the immense amounts of data that would need to be uploaded.

Thats assuming you'd need to upload/download the whole works.

It would be hilarious if the app had no concept of how to create a simple.avi header each time it saved to a new file (made up example). You can't just NOP around that, and its not much bandwidth and its probably too much of a PITA for the crackers to write their own.

The only thing funnier is the support calls when your https avi header webserver is down, or when the paying $10K customer is having a momentary internet outage or firewall issue. ha ha funny.

No matter how much DRM you put on it it will always be removed. The best thing to do is concentrate on adding value for paying customers. Do an on-launch check against the serial number over the Internet. If no Internet is available up to X number of times then launch without it. This is similar to what DOOM 3 by id Software does. If the same serial number is showing up too often then ban it. Basically: you're a niche - put a little DRM on it, enough so that a normal user wouldn't notice it at all ideally but at the same time that just enough that it would need to be cracked for every version for illegitimate users.

Being video editing software the real solution is video edited by an unauthorized unlicensed copy automatically uploads the edited video file to pirate bay.That would scare the crap out of genuine commercial users, yet the future customers who are just experimenting or people who are experimenting and will never be customers simply won't care.

Even just posting a couple random stills converted to.jpg onto 4chan would freak out the commercial customers into paying up.

Actually, I'm pretty sure it would freak out the paying customers into switching to the competition's product ASAP.

Intellectual property is what pays the legitimate customers' paychecks. Keeping it off of pirate sites until it reaches the intended (revenue-producing) venues is job one. When they hear that their video editor has code in it to automatically upload their work product to a pirate site, they will drop that program so quick it will dent the floor. The fact that the shenanigans are only "suppos

$10,000 is a lot. Maybe make real but effectively no-op customizations to each legit copy so each is unique, including a banner that says whose copy it is. If it later shows up stolen you know whom to sue. Add some phone-home statistics and you know how much to sue them for. Do a little runtime checking on the visible ID banner to make hard to remove.

Not for commercial use option would allow people to upskill using your product. Some of these guys may end up in the industry you sell to and in taking their skills into that industry raise your products profile. I would think that this is the easist way to become the defacto supplier of niche software. However, spying on these people might turn them away from you.

Exactly, how can you prove that potential paying customers are using it? I work at a rather large company and stuff is locked down. You're not going to be installing pirated versions of anything.

One example is Matlab. I pirate Matlab, I don't feel bad about it. I use it for random home projects (Especially since Simulink works with Arduino). I'm not a potential paying customer. I'd never be able to afford a seat. But I can put that on my resume and sell myself to a company. My COMPANY then buys it. That is your customer. I've even talked the powers that be to buy some additional licenses to toolkits that I taught myself to use on the pirated version. I know they have a 30 day trial but you never know when you're going to need that toolbox to experiment with.

I don't know why every company who sells serious development/production software doesn't give away "developer versions" of their software which can legally be used for home-use only. No one is going to pay a boatload for software that isn't going to make them money and any serious business whose employees use the software will be willing to pay for a legitimate license.
*cough*adobe*cough*

Complex applications require that people know how to use them, and it takes time and investment for people to get trained.An growing expert user base is the best advertising that you can get. Having your SW out there, in the hands of students and young people trying to figure out how to use it helps it remain relevant as they go to work for companies that end up purchasing the SW.

IMO, more than open source and the Internet and hosting (paradigm shift), this is what is actually killing off Microsoft. It used

Octave to Matlab is as a transvestite is to a real woman. Octave is a joke compared to Matlab. It'd be like me coming into a discussion about C and suggesting everyone just uses PHP, because it's practically the same syntax.

There is absolutely no Simulink equivalent, there aren't anywhere near the number of toolboxes. Matlab is expensive because Mathworks pays some top level PhDs to develop them. As far as I can tell you can' compile Octave to anything. Simulink will compile to one of a dozen embedded proce

I thought all the $10K video editing programs had gone away except a couple of holdovers from yesteryear. Use a hardware dongle and piss people off like Autodesk did. Or use an online authentication scheme that will piss off other users. Hell, for $10K, fly a lackey there to install it personally.

My point is, if someone wants to crack it, they will. The high price tag makes it more attractive.

Is there potential for offering a basic product for a nominal amount, and selling modules which improve functionality to those willing to pay?

I certainly wouldn't pay the many thousands of dollars for Photoshop, but I might pay the hundred or so for the functionality I actually needed. Bolt-ons seem to make sense when appealing to many different markets.

As I said in a different post on a different subject, it depends on the price. I've used pirated software before I earned my own money, but now I have a modest expendable income I can afford to pay for convenience. If I want to use one feature of this product and my options are $10,000 or piracy, then I'm kind of limited to the latter. If my options are $10,000, piracy (and the risks that entails) or $150 for product + $50 bolt-on functionality, then it looks a lot more likely that I will buy it.

Your flaw is to assume those "pirating" your software are "potential customers". They are not.

That's an incomplete assumption. Some of those who "pirate" the software are potential customers who won't pay $10,000 for the full product in order to use the two or three tools they actually want. These would maybe pay $50 for a basic version (home user), $200 for extended (mom and pop video editing, semi pro) etc. They may also be interested in paying only for certain features as modules instead of certain package types.

Making paying customers out of pirates is about offering a better service. If I can pay for what I want and have it conveniently offered to me, I more than likely will. I won't, however, pay $X,000 for a funky filter effect as (was?) is the way with Photoshop. Then again, Adobe have already said that those using unlicensed copies of Photoshop just lead to companies using PS as the standard because everyone was familiar with it. Guess that could work too.

My recommendation would be to provide a not-for-commercial-use free version which is almost totally identical to the premium version. Have this version embed a digital watermark so you can identify if videos pop up commercially which haven't paid for a commercial license. Make it non-obtrusive so home users don't mind (I recommend it not being a visible logo or anything of that sort, just the digital watermark).

You're not going to be able to prevent a pirated version from cropping up except that you make the pirated version not attractive compared to the legitimate version. Those inclined to not pay for the software are not going to pay for the software. Provide it for free with the forensic ability to detect license violations. The paid version places no watermark, so you get the best quality and the legal right to use videos commercially after it's paid for.

Digital watermarks survive re-encoding unless the re-encoding is very aggressive (at a substantial quality loss). You can use different strength watermarks which survive greater amounts of distortion. It's not impossible to remove them, but it can be challenging without really impacting image quality.

Yes, of course. That's why it's important to make the watermark not very intrusive (why I recommended not including a logo overlay). If the watermark just looks like film grain or ISO noise, most free uses of the software won't mind - maybe won't even notice - and so won't be compelled to find a pirated version. The commercial users who'd be inclined to find a pirated version because of the watermarking would have been inclined to pirate it either way; you'll never get a license fee out of them except through litigation. At least the watermark makes it likely they either don't notice they're leaving behind digital fingerprints, or don't care.

... and include in the license agreement that the user agrees to pay royalties of X% on gross revenues for work involving the files, but with the stipulation that you won't go after users earning less than $Y. Then offer an ability to purchase a royalty-free license for your $10k price. Big commercial users would want the royalty free license, small commercial users would want the percentage license, and non-commercial or educational users could use the program freely. Then, just watch for the watermark in videos of commercial entities that haven't paid.

Can also add in a quick reporting function, and check if the source IP is from a major studio.

Disclaimer: I am not your lawyer, this is not legal advice, but is simply for my own amusement and should not be relied upon.

The thing is, most people who crack DRM don't do it so some megacorp can avoid paying license fees to some other megacorp. If the copy protection scheme doesn't affect home users, nobody will give a fuck.

Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000?

Watermarked as non-commercial use only? Hilarious if you run your water mark detector on a TV show or movie and it shows up and you start blogging about the pirates.

Another good laugh would be bait and switch the free version has 75% of the features removed at compile time. You can left align or right align all you want but if you want to center its $10K. Or you could use any font you want for $10K but for free its only possible to use... comic sans.

Another good laugh would be speed. Intentional slow down loops in the free version. While evaluating your software for possible purchase do I care if everything happens 20% slower? Heck no. But if I'm a bean counter at corporate, I'd be insane to reduce my employees productivity by 20% just to save $10K Unless said employee using the software for 2 years earned less than $25K/yr, which is probably the case outside the US...

The problem you're going to have is "free or $10K" is an absolutely insane market. It better be unimaginably amazing to be worth $10K in a world of 99 cent apps and $100 video editors. Rather than the revenue from 100 sales at 10K each, wouldn't you prefer a million app store sales at $20 each?

Would I download your software for free at home if its legal? Maybe. Why not a license of pure profit where any CC released work is a $10 software license with no support. The cost to you is minimal and you get "free" revenue. Or a license where its gotta be CC licensed work with a link to your company in the comments or credits screen or something, basically they pay you, to market for you. Or "please support us by purchasing an anonymous coward XXL tee shirt along with a software license for CC released works for only $50" Or the software is free for CC editing work, but the fine manual in printed and pdf form is only available for $50 along with a formal written license for CC-released work.

after 10 min just pop up a random passage from the user manual and make the user find the correct page. the longer the manual, the more effective this is. alternatively, devise a strange set of symbols and provide the user with a high tech spinning paper wheel so they can "decode". this isn't rocket science here ; )

Use FlexLM (license server tied to a hardware address - defeatable, but annoying) like the the majority of other vendors. Also, try to remember that you're company is in it's infancy. The more publicity and use your product gets the better. Better to lock it down after more people use it than before.

If you think the software is good enough, then a non-commercial version with limited registration information (e-mail, name), and some very privacy-thoughtful reporting (maybe to ensure that the registered serial numbers are only being used by one machine at a time), should only be a good thing. Getting your software into the hands of the people that might buy it will get them used to it, relying on it, and eventually make them customers. But (as others here have posted), don't abuse the "spying"... if you start to make money by pilfering the free registrations for ancillary information you're just going to annoy your users and they'll be more apt to pirate the software or use fake registration information. Giving them something in return, like forum access for very limited support, is helpful.

Other possible models include giving the software for free and asking payment for support -- nearly all profitable Open Source companies do this, and even if you leave the source closed the business model isn't terribly different. You could publish a "crippleware" version, which I find rather annoying, unless the limits are such that the home and non-commercial users needs are really satisfied, and the only people that need to pay $10k for the software are those to whom it's worth it. I give a nice shout out to Andrea Mosaic [andreaplanet.com] for doing this correctly (at a lower price point).

Lastly an option you may have missed may be to ignore it because it isn't a problem. A pirated version by a customer that wouldn't have paid anyway probably doesn't hurt you. A pirated version by a customer that would have paid may actually turn into a sale if they need assistance. When you upgrade, if the pirates liked it, they'll want the next version, so they may buy. It may be pirated by employees or students who years later may remember it and decide to buy it. You never can tell.

In those cases, you're getting your software out there and used; you could take an "all exposure is good exposure" attitude. The fact that you didn't list the name of your software in the original post here means that you may not think that way, or you may outright disagree.

Still, piracy is going to happen. At least you're asking the right questions. Don't let yourself get dragged into a fight with the anonymous masses on the internet, though -- you'll probably lose.

Apple has Final Cut for the prosumer and wannabe proAvid is the pro software marketpeople like me use imovie or adobe something which is like $100 and includes the adobe version of iphoto whatever the name is

video editing software is a mature market. unless you are making some cool plug in or your software does something really cool that the big boys don't do you are screwed

The only DRM you need is: Make sure that your users have a valid serial number before you start providing support for the product.

You're trying to compete with 'free'. The solution is to make the version you're selling for $10,000 worth that much. Add more features, innovate, and provide support to the users who have paid you.

Also, most of the people yanking your software off of the Pirate Bay are not your customers now - they either can't afford it, or they're not even sure if your software will meet your needs. In the future, they might have that same need AND the money to pay you, and at that point they'll know your name.

In short, the software would still work, but re-direct people to a page letting them know that they've been "caught" pirating software and that they should really purchase it. This won't stop everyone, but some people (especially in a business environment) won't risk "being caught", so they will purchase the software knowing that you know that they know they are pirating your software.

Is what the software does worth $10K? If it really is, then you'd be far better off hiring some in house editors and offering your services using your magic proprietary undistributed tools. After all, you'd be able to undercut all your competition by at least $10K/yr equivalent.Its has to be worth more than that, like $25K/yr, otherwise your purchasing clients would not waste the time and money learning new software, they'd just throw more bodies/billable hours at the task and not have to deal with you. They're planning to save $25K using your software of which they're giving you $10K to keep it legal. Why not keep the whole $25K for yourself?Its one of those put your money where your mouth is moments... if its really worth the dough, you'd make more money reselling video editing services than you'd make selling the tools to edit video.My guess is, you're about to discover the appropriate price would be maybe $100 not $10K.

I have a Reprap 3d printer. The software that seems to work the nicest for designing parts is Solidworks. But they only sell it in two ways: for business for about $4000 and for verified university students for $150 a year. I'm neither. They don't make an option for hobbyits. Which leaves me with the Pirate Bay option. That kind of sucks because I wish there was a way a hobbiest could use this software without stealing it.

So that's something to consider. Who's stealing it? If it's businesses then yeah you have a problem. If it's hobbyists then maybe it's because you don't have a deal for them.

When your software is THAT expensive, then you can afford to compile each instance for each customer. By recompiling for each customer, you can make each release version they have unique to them so you know where the leaked copy came from. Secondly, you can also arrange and require a "license server" on the network where it will be run. This enables a machine to run without internet access but will need access to a licensing server. You can figure out the details to make it usable but the idea is that it won't run without licensing information available at any or even all times.

And since you are compiling each copy for each customer's site, "cracks" will be a bit harder to maintain, but in order to accomplish this feat, you would have to take some pages from virus writers' playbooks.

In the end, everything I have spelled out is defeatable. EVERYTHING. In the end, software is a series of instructions that the computer runs. It's not a magic box.

And this interpretation of "potential customers just getting it for free" is nonsense. If they use it professionally, they will pay. There will be incidents where some professionals will not want to pay. You will either have to live with it or spend a lot of money on investigators and lawyers. Is that really where you want your existing profits to go?

DRM is nothing but SnakeOil, and any salesman that tells you it will cure your problem is already counting his money. The fact is, as others have already noted, is that any DRM can and will be broken. In fact there are people out there that don't even want to run your software, they just break the DRM and post it on the Internet for fun. These are serious hackers, and you only need one to waste all your DRM SnakeOil money. There is no DRM that is worth the money.

Ok, I hate being pesimistic, but we need to face the facts. Money spent on DRM is wasted money. However, there are some ways others have spoken about that have some merit, but also problems. One such is the aways-online network model and also hardware dongles. Networks go down and standard dongles are easy to hack around. So, what to do?

The always-online model has the strong point that a portion of the processing can be off loaded so the central server, and user's software itself has code missing that can not be simply hacked around like in the dongle. The dongle can have some unique embedded features which can be tested for but is generally easy to hack around since its easy to bypass code. What about a mix of the two? What about a custome dongle that actually adds processing power to the software and the software is then sold as a "system".

If the dongle/board/unit has real functionality (e.g. FPGA accellerator board) the software without it is useless, and if the device is non-trivial it would be very hard to duplicate by the average hacker, and they couln'd just post the results of that hacked code online. You need both. It would be too costly to develop the replacement hardware for fun and impossible to sell it without being noticed. It would not be like a "standard" dongle that one can hack by putting in noop's and nonconditional jumps to deactivate it, as it actually does things the software side needs. A pirate would have to be *very* comitted, and with much more money and resources than the cost of one simple licensed unit to even think about trying to replicate it. As long as the coprocessor dongle unit adds functionality in the form of function or performance it may be acceptable to users, but not unless it actually gives them something for their money. So, can you product be decompoed into two peices where a portion is hardware accellerated?

At $10,000 for a license, the software you sell is not a consumer product. That's not to say that a consumer may not want to use it, but that you've already discounted them as a customer. You should simply not trouble yourself with thwarting them because they would never be able to pay for it. They aren't your clients and by familiarizing themselves with your product, they may well turn their employer or future employers into clients. Some companies even embrace the idea by offering unsupported no-cost versions for non-commercial use.

Once you've decided that your customer base will only be professional / commercial customers, then the license is the important part. A commercial customer stands to loose A LOT if they are caught using unlicensed software. For them, they should consider the software part of their cost of doing business. If your product is too pricey, they should select another, otherwise, they need to purchase it and expense it. If you catch a customer using unlicensed copies, contact them and give them an opportunity to true up (after all, sometimes companies simply loose track of how many licenses they purchased - crappy license management is rampant). If a company still continues to use unlicensed versions of the software, then have a lawyer draft a demand for payment (and consider terminating their licenses; mind you, you'll loose them as a customer). When all else fails, file an infringement claim against them.

There's simply no DRM scheme that's 100% effective, and it only needs to be cracked once for it to become widely available. DRM schemes cost vendors like you lots of money to implement, and they are invariably a nuisance to the customers that legitimately license your software. Ultimately, DRM makes the pirated copies more valuable -- they are more portable between systems as they are upgraded, there are no dongles, issues with license key management, etc. It would be hard to make the case that DRM is likely to pay for itself.

Specialized software can be very expensive especially when there is no alternative around. I've seen this happen many times with businesses looking for some special iventory database, or software to run specialized equipment. The problem is that other software companies catch on to these specialized programs and start selling similar software for a much lower cost. It's like tapping into a new idea, charging a crazy amount for it until someone else jumps on, and the price falls down from $10,000 to $100.

You are living on some cloud nine. We have seats of parametric 3D cad software: about $4500 per seat, with a discount, too. Yearly maintenance is $1500 or so per seat. It works out because there's no one else who provides it any cheaper than that, and the file formats are completely proprietary and their binary structure is intentionally obfuscated. We attempted to move to a different system, by writing scripts for the source software to export all the data to a human-readable text file, and then writing ot

Some software just costs that much. Hell, a lot of software used by businesses cost much more.

When a company needs a certain functionality that just plain doesn't exist anywhere else, it has to be paid for somehow. I'm not sure you have a good understanding of how much time is actually put into developing software--an engineer who gets paid $80k/year costs the company about $160k/year. If that engineer works on a problem for 3 lousy weeks, that software cost $10,000. Just to develop. That's $0.00 profit for

What makes it worth 10k? How about developing software that takes a team of 5 people 3-7 years to write, for a target market of 200-500?

You and 4 of your buddies may be willing to work for the next 7 years for a possible income of (500*100 = 50,000), and you can split it between yourselves. Sounds fair. What number can I call you to schedule when you can start?

The best way I've found to do this is to have a non-obvious component actually doing the licensing evaluation (periodically as part of some normal functional operation) and if that fails to subtly screw up the operation of the software. You still want to have standard 'relatively easy to tear out' protection so that legitimate users get notifications of a bad configuration or license, but what you're trying to do is make the software useless for people pushing it on a torrent/warez site.

Yes. AutoCAD did that, back in the DOS era. There were several levels of protection. The first level checksummed the program during loading to detect a corrupted executable. That prevented any accidental error from triggering the deeper checks. Anyone attacking the software would first have to bypass the checksum code.
Further down were many other checks for changes to the protection code. These checks were executed randomly, based on the state of the program, at varying levels of odds. Some were exec